---
# CI workflow (the image name suggests Forgejo Actions). On every push it runs
# one job that talks to a Kubernetes API server with a service-account token
# bind-mounted into the job container.
#
# NOTE(review): the trigger is unfiltered, so a push to any branch starts a job
# that can read the mounted token. Anyone who can push can therefore run
# commands with that token's RBAC permissions. Keep the service account
# least-privilege and consider limiting the trigger to protected branches.
on:
  - push

jobs:
  blog-pim:
    runs-on: docker
    container:
      # NOTE(review): the tag looks like a commit hash, but a registry tag can
      # still be re-pointed; an image digest (@sha256:...) would pin the content.
      image: git.kun.is/home/forgejo-nix-action:687d16c49ea7936068bac64ec68c480a9d681962
      # Bind-mounts the service-account directory (ca.crt and token are read
      # below) into the job container at the same path.
      options: '-v /var/run/secrets/kubernetes.io/serviceaccount:/var/run/secrets/kubernetes.io/serviceaccount'
    steps:
      # NOTE(review): this clones the default branch and never checks out the
      # pushed commit; confirm that is intended before the build steps at the
      # bottom are re-enabled.
      - name: Clone repository
        run: git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git src

      # Connectivity check against the in-cluster API endpoint: lists pods in
      # the "default" namespace. The response is printed to the job log.
      - run: >-
          curl
          --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
          https://kubernetes.default.svc/api/v1/namespaces/default/pods

      # Build a kubeconfig for the same credentials, pointing at jefke.dmz:6443
      # and verifying it with the mounted CA certificate.
      # NOTE(review): `nixpkgs#kubectl` is resolved when the step runs, so the
      # kubectl build is not pinned; pin a nixpkgs revision if reproducibility
      # matters for a job that holds cluster credentials.
      - run: >-
          nix run nixpkgs#kubectl -- config set-cluster my-cluster
          --server=https://jefke.dmz:6443
          --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt

      # The token is expanded into kubectl's command line and then stored in
      # the kubeconfig inside the container; treat both as sensitive.
      - run: >-
          nix run nixpkgs#kubectl -- config set-credentials my-service-account
          --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)

      - run: >-
          nix run nixpkgs#kubectl -- config set-context my-context
          --cluster=my-cluster
          --user=my-service-account

      - run: nix run nixpkgs#kubectl -- config use-context my-context

      # Smoke test of the kubeconfig assembled above.
      - run: nix run nixpkgs#kubectl -- get pods

      # Disabled deployment steps, kept as the author left them.
      # NOTE(review): if re-enabled, the first step writes the age private key
      # to a file; create that file with owner-only permissions.
      # - run: |
      #     mkdir -p ~/.config/sops/age
      #     echo -n "${{ secrets.AGE_SECRET_KEY }}" > ~/.config/sops/age/keys.txt
      # - run: |
      #     cd src
      #     nix build .#kubenix.x86_64-linux
      #     bash result/bin/kubenix apply --all